Enabling a “RISC” Approach for Software-Defined Monitoring using Universal Streaming Vyas Sekar Zaoxing Liu, Greg Vorsanger, Vladimir Braverman.

Slides:



Advertisements
Similar presentations
Rectangle-Efficient Aggregation in Spatial Data Streams Srikanta Tirthapura David Woodruff Iowa State IBM Almaden.
Advertisements

The Data Stream Space Complexity of Cascaded Norms T.S. Jayram David Woodruff IBM Almaden.
New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
Vladimir(Vova) Braverman UCLA Joint work with Rafail Ostrovsky.
ABSTRACT We consider the problem of computing information theoretic functions such as entropy on a data stream, using sublinear space. Our first result.
A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,
Making Cellular Networks Scalable and Flexible Li Erran Li Bell Labs, Alcatel-Lucent Joint work with collaborators at university of Michigan, Princeton,
FLAME: A Flow-level Anomaly Modeling Engine
Revisiting the Case for a Minimalist Approach for Network Flow Monitoring Vyas Sekar, Michael K Reiter, Hui Zhang 1.
PERSISTENT DROPPING: An Efficient Control of Traffic Aggregates Hani JamjoomKang G. Shin Electrical Engineering & Computer Science UNIVERSITY OF MICHIGAN,
Rethinking NetFlow: A Case for a Coordinated “RISC” Architecture for Flow Monitoring Vyas Sekar Joint work with Mike Reiter, Hui Zhang David Andersen,
Probabilistic Aggregation in Distributed Networks Ling Huang, Ben Zhao, Anthony Joseph and John Kubiatowicz {hling, ravenben, adj,
1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.
Polytechnic University,ECE Department1 Detection of “Hot Spots” Paper Title : Joint Data Streaming and Sampling Techniques for Detection of Super Sources.
Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.
Multi-Scale Analysis for Network Traffic Prediction and Anomaly Detection Ling Huang Joint work with Anthony Joseph and Nina Taft January, 2005.
Reverse Hashing for Sketch Based Change Detection in High Speed Networks Ashish Gupta Elliot Parsons with Robert Schweller, Theory Group Advisor: Yan Chen.
Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Dream Slides Courtesy of Minlan Yu (USC) 1. Challenges in Flow-based Measurement 2 Controller Configure resources1Fetch statistics2(Re)Configure resources1.
Layer-3 Routing Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
Coordinated Sampling sans Origin-Destination Identifiers: Algorithms and Analysis Vyas Sekar, Anupam Gupta, Michael K. Reiter, Hui Zhang Carnegie Mellon.
Software-defined Measurement
SECURING NETWORKS USING SDN AND MACHINE LEARNING DRAGOS COMANECI –
Chapter 4: Managing LAN Traffic
Network Flow-Based Anomaly Detection of DDoS Attacks Vassilis Chatzigiannakis National Technical University of Athens, Greece TNC.
SIGCOMM 2002 New Directions in Traffic Measurement and Accounting Focusing on the Elephants, Ignoring the Mice Cristian Estan and George Varghese University.
Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College.
New Streaming Algorithms for Fast Detection of Superspreaders Shobha Venkataraman* Joint work with: Dawn Song*, Phillip Gibbons ¶,
Using Measurement Data to Construct a Network-Wide View Jennifer Rexford AT&T Labs—Research Florham Park, NJ
DoWitcher: Effective Worm Detection and Containment in the Internet Core S. Ranjan et. al in INFOCOM 2007 Presented by: Sailesh Kumar.
Vladimír Smotlacha CESNET Full Packet Monitoring Sensors: Hardware and Software Challenges.
Bohatei: Flexible and Elastic DDoS Defense
Resource/Accuracy Tradeoffs in Software-Defined Measurement Masoud Moshref, Minlan Yu, Ramesh Govindan HotSDN’13.
A Formal Analysis of Conservative Update Based Approximate Counting Gil Einziger and Roy Freidman Technion, Haifa.
1 LD-Sketch: A Distributed Sketching Design for Accurate and Scalable Anomaly Detection in Network Data Streams Qun Huang and Patrick P. C. Lee The Chinese.
Data Stream Algorithms Ke Yi Hong Kong University of Science and Technology.
Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.
Trajectory Sampling for Direct Traffic Oberservation N.G. Duffield and Matthias Grossglauser IEEE/ACM Transactions on Networking, Vol. 9, No. 3 June 2001.
Open-Eye Georgios Androulidakis National Technical University of Athens.
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
CS 740: Advanced Computer Networks IP Lookup and classification Supplemental material 02/05/2007.
Calculating frequency moments of Data Stream
2009/6/221 BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure- Independent Botnet Detection Reporter : Fong-Ruei, Li Machine.
SCREAM: Sketch Resource Allocation for Software-defined Measurement Masoud Moshref, Minlan Yu, Ramesh Govindan, Amin Vahdat (CoNEXT’15)
Beating CountSketch for Heavy Hitters in Insertion Streams Vladimir Braverman (JHU) Stephen R. Chestnut (ETH) Nikita Ivkin (JHU) David P. Woodruff (IBM)
REU 2009-Traffic Analysis of IP Networks Daniel S. Allen, Mentor: Dr. Rahul Tripathi Department of Computer Science & Engineering Data Streams Data streams.
BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar.
Unique Packet Identifiers for Multipoint Monitoring of QoS Parameters Juraj Giertl, František Jakab Gorazd Baldovský, Ján Genči.
Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.
New Algorithms for Heavy Hitters in Data Streams David Woodruff IBM Almaden Joint works with Arnab Bhattacharyya, Vladimir Braverman, Stephen R. Chestnut,
Re-evaluating Measurement Algorithms in Software Omid Alipourfard, Masoud Moshref, Minlan Yu {alipourf, moshrefj,
SketchVisor: Robust Network Measurement for Software Packet Processing
Constant Time Updates in Hierarchical Heavy Hitters
Jennifer Rexford Princeton University
Data Streaming in Computer Networking
Qun Huang, Patrick P. C. Lee, Yungang Bao
SCREAM: Sketch Resource Allocation for Software-defined Measurement
Elastic Sketch: Adaptive and Fast Network-wide Measurements
Range-Efficient Computation of F0 over Massive Data Streams
Elastic Sketch: Adaptive and Fast Network-wide Measurements
Memento: Making Sliding Windows Efficient for Heavy Hitters
Constant Time Updates in Hierarchical Heavy Hitters
Network-Wide Routing Oblivious Heavy Hitters
Heavy Hitters in Streams and Sliding Windows
By: Ran Ben Basat, Technion, Israel
Lu Tang , Qun Huang, Patrick P. C. Lee
NitroSketch: Robust and General Sketch-based Monitoring in Software Switches Alan (Zaoxing) Liu Joint work with Ran Ben-Basat, Gil Einziger, Yaron Kassner,
(Learned) Frequency Estimation Algorithms
Presentation transcript:

Enabling a “RISC” Approach for Software-Defined Monitoring using Universal Streaming Vyas Sekar Zaoxing Liu, Greg Vorsanger, Vladimir Braverman

Network Management: Many Monitoring Requirements SDN Controller (OpenDayLight etc.) Traffic Engineering Analyze new user apps Anomaly Detection NetworkForensics Worm Detection Accounting Botnet analysis ……. “Heavy-hitters” “Flow size distribution” “SuperSpreaders” “Entropy”, “Traffic Changes” 1

Traditional: Packet Sampling Flow reports 1 Not good for fine-grained analysis Extensive literature on limitations for many tasks! Sample packets at random, aggregate into flows FlowId Counter Flow = Packets with same pattern Source and Destination Address and Ports Estimate: FSD, Entropy, Heavyhitters, Changes, SuperSpreaders ….

Application-Specific Sketches Packet Processing Counter Data Structures Application-Level Metric Heavy Hitter EntropySuperspreader Complexity: Need per-metric implementation Recent Example: OpenSketch [NSDI’13] Trend: Many more applications appear! …. Monitoring (on router) Bloom-filter, Count-min Sketch, reversible sketch, etc. 3 Packet Processing Counter Data Structures Application-Level Metric Packet Processing Counter Data Structures Application-Level Metric …. Traffic Computation (off router)

Packet Processing Counter Data Structures Application-Level Metric Support many applications Holy Grail of Flow Monitoring? Results with high accuracy 4 Traffic

Our Solution: Universal Monitoring 5 Recent theory advances: Universal Streaming Packet Processing Universal Sketch Traffic App 1 Application-specific Computation App n …... UnivMon Control Plane UnivMon Data Plane One sketch does it ALL

Theory of Universal Streaming 1. Vladimir Braverman, Rafail Ostrovsky: Zero-one frequency laws. STOC Generalizing the Layering Method of Indyk and Woodruff: Recursive Sketches for Frequency-Based Vectors on Streams. APPROX-RANDOM …... (A stream of length m with n unique items) ‘Universal’ Sketch Estimated G-sum frequency vector is 6

Universal Sketch Data Structure L2 Heavy Hitter Algorithms (1,4), (3,2),(5,2) Heavy Hitters (1,4), (5,2),(2,1) …... (2,1) 7 (5,2), (2,1) 0 1 log(n) …... Generate k=log(n) pairwise ind. zero-one hash functions: H 1 …. H k 25 5 Similar to counting bloom filter H 1 (1)=1, H 1 (5)=1, H 1 (2)=1 H 2 (5)=1, H 2 (2)=1 H 3 (2)=1 Levels Heavy Hitter Alg Count Sketch Alg …... Count-Sketch, Pick-and- drop etc. In Parallel

Estimating G-sum (1,4), (3,2),(5,2) Counters from Universal Sketch (1,4), (5,2), (2,1) …... (2,1) 8 (5,2),(2,1) Levels 0 1 log(n) …... Apply arbitrary g() (1,g(4)), (3,g(2)),(5,g(2)) (1,g(4)), (5,g(2)), (2,g(1)) (5,g(2)),(2,g(1)) (2,g(1)) Y 3 =g(1) Sum of the g()s Y 2 =g(1)+g(2) Y 1 =g(1)+g(2)+g(4) Y 0 =2g(1)+2g(2)+g(4) Estimated G-sum Recursive Steps: Y i-1 = 2Y i + new counters – repeated counters

Putting it together: UnivMon Universal Sketch Offline Recursive Computation 9

Comparison with custom sketches via OpenSketch Preliminary Evaluation 10 N/A

Distributed universal streaming Multidimensional data Dynamically change monitoring scope Feasibility of hardware implementations? Future Directions 11

12 Conclusions Network management needs many traffic metrics Today’s solutions offer undesirable extremes Generic but low fidelity (e.g., sampling) High fidelity but high complexity (e.g., specific-sketches) Holy grail: Universal Monitoring Decouple monitoring control and data plane like SDN! This work: Can be viable via Universal Sketches Several open questions e.g. dynamic, multidimensional, distributed, hardware viability

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.